General
-
Target
034aee8a39217c018c7cd0bb4ee944b7_JaffaCakes118
-
Size
97KB
-
Sample
240930-z5778swalj
-
MD5
034aee8a39217c018c7cd0bb4ee944b7
-
SHA1
b9441f261a242dfcbaed4b9c4bcae91d55a4d752
-
SHA256
b46fecc35e89e6873cbfb36fc8f9f05724b2dd9cd868e8c30987e7940160421f
-
SHA512
f10a01bd0f9a7775eb8e1e3d758812a884049704841b93365061a5d865293674443c940a5d35a13fdfd817efa8b8000e154a6291fb75b70e8e9dd0c9140bbb13
-
SSDEEP
3072:eLXVdxe4/ZdX0PB6sJzzVaitUu2rqZFinQ2SnFgRyAfMRc:Ux3/rX0PBLJzpxUuZZCmFT
Malware Config
Extracted
pony
http://93.115.85.49/pox/stats.php
-
payload_url
http://zetov.info/dk/155.exe
http://zetov.info/dk/tx.exe
http://zetov.info/dk/768.exe
Targets
-
-
Target
034aee8a39217c018c7cd0bb4ee944b7_JaffaCakes118
-
Size
97KB
-
MD5
034aee8a39217c018c7cd0bb4ee944b7
-
SHA1
b9441f261a242dfcbaed4b9c4bcae91d55a4d752
-
SHA256
b46fecc35e89e6873cbfb36fc8f9f05724b2dd9cd868e8c30987e7940160421f
-
SHA512
f10a01bd0f9a7775eb8e1e3d758812a884049704841b93365061a5d865293674443c940a5d35a13fdfd817efa8b8000e154a6291fb75b70e8e9dd0c9140bbb13
-
SSDEEP
3072:eLXVdxe4/ZdX0PB6sJzzVaitUu2rqZFinQ2SnFgRyAfMRc:Ux3/rX0PBLJzpxUuZZCmFT
Score10/10-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-